Executive Summary
Summary | |
---|---|
Title | wpa_supplicant security and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:1439 | First vendor Publication | 2015-07-22 |
Vendor | RedHat | Last vendor Modification | 2015-07-22 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated wpa_supplicant package that fixes one security issue and adds one enhancement is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash. (CVE-2015-4142) This update includes the following enhancement: * Prior to this update, wpa_supplicant did not provide a way to require the host name to be listed in an X.509 certificate's Common Name or Subject Alternative Name, and only allowed host name suffix or subject substring checks. This update introduces a new configuration directive, 'domain_match', which adds a full host name check. (BZ#1186806) All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue and adds this enhancement. After installing this update, the wpa_supplicant service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1221178 - CVE-2015-4142 wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-1439.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-10-30 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1201.nasl - Type : ACT_GATHER_INFO |
2016-09-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1104.nasl - Type : ACT_GATHER_INFO |
2016-09-15 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2305-1.nasl - Type : ACT_GATHER_INFO |
2016-06-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-17.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-cfea96144a.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6f16b5e39e.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-1521e91178.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2221-1.nasl - Type : ACT_GATHER_INFO |
2015-11-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3397.nasl - Type : ACT_GATHER_INFO |
2015-08-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150722_wpa_supplicant_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-07-30 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2015-1439.nasl - Type : ACT_GATHER_INFO |
2015-07-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2015-1439.nasl - Type : ACT_GATHER_INFO |
2015-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1439.nasl - Type : ACT_GATHER_INFO |
2015-07-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-260.nasl - Type : ACT_GATHER_INFO |
2015-06-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2650-1.nasl - Type : ACT_GATHER_INFO |
2015-06-16 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2015-1090.nasl - Type : ACT_GATHER_INFO |
2015-06-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-411.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150611_wpa_supplicant_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1090.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2015-1090.nasl - Type : ACT_GATHER_INFO |
2015-06-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bbc0db92084c11e5bb90002590263bf5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-12-05 13:28:10 |
|
2015-07-31 13:29:10 |
|
2015-07-24 13:30:05 |
|
2015-07-22 09:24:27 |
|